InfoSec Handlers Diary Blog

ISC reader Phil asked a great question earlier today: "I'm wondering if there are data leakage concerns with screenshot tools such as MS Snipping Tool, if such tools have metadata in any of the formats they support".

The leakage is nowhere near as extensive as what is often found in MS Office documents, but it is definitely present. Among lots of information that describe the geometry of the screenshot taken, the more interesting fields include the name of the user who created the "snip", as well as the time stamp. The name is the full user name as configured for the respective windows account. If you want to surreptitiously post an image somewhere under a pseudonym, that's definitely a point to keep in mind ;).

EXIF and XMP tags can be readily removed - again using ExifTool, a simple "exiftool -ALL= image.jpg" will remove all meta tags from the image. Exiftool is friendly enough to create a backup named image.jpg_original, in the rare case something goes wrong in the process.

If you use other screen capture tools and have information on the meta data that gets stored together with the capture, please comment below or via our contact form.